Vault Agent with Kubernetes - getting connection refused error

I am trying the sample example Vault Agent Auto-Auth using the kubernetes auth method. I have followed all the steps given in [] but while login request getting connection refused.

I have configured K8s using below commands -

export VAULT_SA_NAME=$(sudo kubectl get sa vault-auth-k8s -n namespace1 -o jsonpath="{.secrets[*][‘name’]}")

export SA_JWT_TOKEN=(sudo kubectl get secret -n namespace1$VAULT_SA_NAME -o jsonpath="{.data.token}" | base64 --decode; echo)

export SA_CA_CRT=$(sudo kubectl get secret -n namespace1$VAULT_SA_NAME -o jsonpath="{.data[‘ca.crt’]}" | base64 --decode; echo)

export K8S_HOST=“” ##Using k3s so using kubernetes host address as

–header “X-Vault-Token: $VAULT_TOKEN”
–request POST
–data ‘{“type”: “kubernetes”}’

sudo kubectl exec vault-0 -n namespace1 – vault write auth/kubernetes/config

sudo kubectl exec vault-0 -n namespace1 – vault write auth/kubernetes/role/example

TOKEN=$(sudo kubectl get secrets -n namespace1 -o jsonpath="{.items[?(@.metadata.annotations[‘’]=='vault-auth-k8s’)].data.token}"|base64 --decode)

curl --request POST --data ‘{“jwt”: "’"$TOKEN"’", “role”: “example”}’ http://X.X.X.X:8200/v1/auth/kubernetes/login

Once we run the above command getting error (error displayed in vault-0) -
[ERROR] auth.kubernetes.auth_kubernetes_e415b64a: login unauthorized due to: Post [] dial tcp connect: connection refused

Please help if any configuration is missing or have done any wrong configurations.
Using vault port as 8200 and K8s host port as 8443

Hi, any chance you can reformat the post? It’s quite hard to read.
I have not used k3s much, but could it be that when you are in the context of your vault pod, the kubernetes api is not exposed under localhost hence you get a connection refused?

Thanks for the reply. I have modified my post and hope so it is more readable now. My all pods(including Vault) are in same kubernetes node as I am doing it localy on my machine.
But if I run the following commands I am able to access K8s apis on same machine.

TOKEN=$(sudo kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations[‘’]=='default’)].data.token}"|base64 --decode)

curl -X GET --header “Authorization: Bearer $TOKEN” --insecure
Curl command Output:
“kind”: “APIGroupList”,
“apiVersion”: “v1”,
“groups”: [
“name”: “”,
“versions”: [
“groupVersion”: “”,
“version”: “v1”
“groupVersion”: “”,
“version”: “v1beta1”
], … *omitted due to long output

When I use the same url through vault then getting connection refused error.